PowerShell: Get SHA256 Thumbprint from vCenter server using PowerShell Core. (NSX-T Compute Manager Registration related)
Summary:
Had a need to pull a target vCenter's SSL certificate and convert its thumbprint to SHA-256 format in order to register the vCenter with NSX-T Manager as a compute manager, using PowerShell Core. The ServicePoint-based approach that works under Windows PowerShell is not available in Core, so the function below opens the TLS connection itself with System.Net.Sockets.TcpClient and System.Net.Security.SslStream, accepts whatever certificate the server presents, and hashes the DER-encoded certificate with SHA-256. Because the validation callback accepts any certificate, the thumbprint you get back is whatever the network path served; confirm it against the certificate on the vCenter host itself before pasting it into NSX-T.
Noticed also that Lam recently updated his approach to take Core into account. My approach is slightly different: besides the SHA-256 value, my function can return the certificate object itself, and optionally write it to disk. I've tested it in PS Core 6.0.4 and 6.1 on Ubuntu, CentOS, and macOS and the function seems to work fine. Let me know if you see otherwise.
GIST below:
Function Get-SSLCert {
    <#
    .SYNOPSIS
    Gets the SSL/TLS certificate of a remote system.
    .DESCRIPTION
    Opens a TLS connection to the remote system and returns the certificate it presents, or that certificate's
    SHA-256 thumbprint. No chain validation is performed (the target is often self-signed), so the value returned
    is whatever the network path served; confirm it out of band before trusting it.
    .EXAMPLE
    Get-SSLCert tech.zsoldier.com
    Returns the certificate as an object.
    .EXAMPLE
    Get-SSLCert tech.zsoldier.com -SHA256Thumbprint
    Outputs only the certificate's SHA-256 thumbprint as colon-separated hex ("-" replaced with ":").
    Made to capture a vCenter certificate's thumbprint in the format NSX-T expects when registering a compute manager.
    .PARAMETER URI
    Required. DNS name or IP address of the target.
    .PARAMETER Port
    Port to connect to. 443 is the default; change it to match the endpoint's actual TLS port.
    Port 636 has given mixed results, cause unknown; try 3389 instead to get a Windows host's cert.
    .PARAMETER SHA256Thumbprint
    Output the SHA-256 thumbprint instead of the certificate object. Defaults to false.
    .PARAMETER DownloadCert
    Also writes the certificate (DER encoded, .cer) to the current directory.
    .NOTES
    Authored by: K. Chris Nakagaki
    https://tech.zsoldier.com
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        [string]$URI,

        [switch]$SHA256Thumbprint,

        [int]$Port = 443,

        [switch]$DownloadCert
    )

    $Certificate = $null
    $TcpClient = New-Object -TypeName System.Net.Sockets.TcpClient
    try {
        $TcpClient.Connect($URI, $Port)
        $TcpStream = $TcpClient.GetStream()
        # Accept any certificate: the goal is to retrieve it, not to trust it.
        $Callback = { param($sender, $cert, $chain, $errors) return $true }
        $SslStream = New-Object -TypeName System.Net.Security.SslStream -ArgumentList @($TcpStream, $true, $Callback)
        try {
            $SslStream.AuthenticateAsClient($URI)
            $Certificate = $SslStream.RemoteCertificate
        }
        finally {
            $SslStream.Dispose()
        }
    }
    finally {
        $TcpClient.Dispose()
    }

    if (-not $Certificate) {
        Write-Error "No certificate was presented by ${URI}:${Port}"
        return
    }

    # SslStream hands back an X509Certificate; wrap it as X509Certificate2 to get Subject, RawData, etc.
    if ($Certificate -isnot [System.Security.Cryptography.X509Certificates.X509Certificate2]) {
        $Certificate = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Certificate
    }

    # SHA-256 over the DER encoding, formatted as uppercase hex pairs separated by ':' (what NSX-T expects).
    $SHA256 = [System.Security.Cryptography.SHA256]::Create()
    try {
        $HASH = $SHA256.ComputeHash($Certificate.GetRawCertData())
    }
    finally {
        $SHA256.Dispose()
    }
    $thumbprint = [BitConverter]::ToString($HASH).Replace('-', ':')

    if ($DownloadCert) {
        # Derive a file name from the subject, keeping only characters that are safe in a file name.
        $subjectname = $Certificate.Subject -replace '[^A-Za-z0-9._-]', ''
        $randomfilename = '{0}{1}.cer' -f $subjectname, (Get-Random)
        $path = Join-Path -Path (Get-Location).Path -ChildPath $randomfilename
        [System.IO.File]::WriteAllBytes($path, $Certificate.RawData)
        Write-Verbose "Wrote certificate to $path"
    }

    # Emit exactly one object: the thumbprint string when -SHA256Thumbprint is set, otherwise the certificate.
    if ($SHA256Thumbprint) {
        Write-Output $thumbprint
    }
    else {
        Write-Output $Certificate
    }
}
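The validation callback in Get-SSLCert accepts any certificate, so the thumbprint it returns is whatever the network path served: anyone who can intercept the connection to vCenter can hand NSX-T a thumbprint of their own certificate. The example below is added here and is not part of the original post or gist. It shows the check to run before registering the compute manager: compute the SHA-256 fingerprint in the same colon-separated format from a certificate obtained out of band (a .cer exported on the vCenter host itself) and compare it with the live value, tolerating the formatting differences between openssl, NSX-T and bare hex. So that it runs offline, it generates a throwaway self-signed certificate with .NET's CertificateRequest class to stand in for the vCenter certificate; the function names Get-CertificateSha256Fingerprint, Test-FingerprintMatch and New-TestCertificate, and the subject names, are assumptions of this example.

```powershell
# Added example, not from the original post. Assumes PowerShell Core 6.x or later
# (.NET Core 2.0+, which provides CertificateRequest for generating the test cert).

# SHA-256 over the DER encoding, as uppercase hex pairs separated by ':' (the NSX-T format).
function Get-CertificateSha256Fingerprint {
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try     { $hash = $sha.ComputeHash($Certificate.RawData) }
    finally { $sha.Dispose() }
    return [BitConverter]::ToString($hash).Replace('-', ':')
}

# Normalise both values (drop separators, fold case) so a fingerprint pasted from
# openssl ("SHA256 Fingerprint=AB:CD:..."), from NSX-T ("ab:cd:...") or as bare hex
# all compare correctly, and refuse anything that is not a full SHA-256 value.
function Test-FingerprintMatch {
    param(
        [Parameter(Mandatory)][string]$Observed,
        [Parameter(Mandatory)][string]$Expected
    )
    $a = ($Observed -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $b = ($Expected -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($a.Length -ne 64 -or $b.Length -ne 64) {
        throw "A SHA-256 fingerprint is 64 hex characters; got $($a.Length) and $($b.Length)"
    }
    return ($a -ceq $b)
}

# Constructed test data: a self-signed cert generated in memory stands in for the vCenter
# certificate. Only the public certificate (RawData) is kept; the key is discarded.
function New-TestCertificate {
    param([string]$Subject = 'CN=vcenter.example.test')   # assumed name
    $rsa = [System.Security.Cryptography.RSA]::Create(2048)
    try {
        $req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
            $Subject, $rsa,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
        $notBefore = [DateTimeOffset]::UtcNow.AddDays(-1)
        $signed = $req.CreateSelfSigned($notBefore, $notBefore.AddDays(30))
        return [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($signed.RawData)
    }
    finally { $rsa.Dispose() }
}

# --- Worked run (offline) ---
# $reference plays the .cer exported on the vCenter host; $live plays what Get-SSLCert returned.
$reference = New-TestCertificate
$live      = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($reference.RawData)
$expected  = Get-CertificateSha256Fingerprint -Certificate $reference
$observed  = Get-CertificateSha256Fingerprint -Certificate $live

if (Test-FingerprintMatch -Observed $observed -Expected $expected) {
    "Live fingerprint matches the out-of-band reference; safe to register $observed with NSX-T"
}
else {
    throw "Fingerprint mismatch: live=$observed reference=$expected. Do not register; check the path to vCenter."
}

# What an interceptor would present: a different certificate for the same host name. It must be rejected.
$rogue = Get-CertificateSha256Fingerprint -Certificate (New-TestCertificate -Subject 'CN=vcenter.example.test')
if (Test-FingerprintMatch -Observed $rogue -Expected $expected) {
    throw 'A certificate with a different key must not match the reference fingerprint'
}
"Rogue certificate correctly rejected"
```

Against a real target, replace the constructed $live with the output of `Get-SSLCert vcenter.example.test -SHA256Thumbprint` (it is already a string, so pass it straight to -Observed) and obtain $expected on the vCenter itself rather than over the network, for example with `openssl x509 -in rui.crt -noout -fingerprint -sha256` run against the machine SSL certificate file on the appliance. Only when the two agree is the value worth entering into NSX-T.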
Comments
I am on a learning curve with PowerShell; if you don't mind, can you please walk me through how to use this script.
Thanks for understanding.